[multiple] fix TLS config string parsing

flagged by coverity

(incomplete fix a few commits back)

src/mod_gnutls.c

@@ -385,11 +385,20 @@ mod_gnutls_session_ticket_key_check (server *srv, const plugin_data *p, const ti
                 if (NULL == session_ticket_key.data) return;
                 session_ticket_key.size = TICKET_MASTER_KEY_SIZE;
             }
+          #ifndef __COVERITY__
             memcpy(session_ticket_key.data,
                    stek->tick_key_name, TICKET_MASTER_KEY_SIZE);
-          #ifndef __COVERITY__
             gnutls_memset(stek->tick_key_name, 0, TICKET_MASTER_KEY_SIZE);
           #else
+            char * const data = (char *)session_ticket_key.data;
+            memcpy(data,
+                   stek->tick_key_name, TLSEXT_KEYNAME_LENGTH);
+            memcpy(data+TLSEXT_KEYNAME_LENGTH,
+                   stek->tick_hmac_key, TLSEXT_TICK_KEY_LENGTH);
+            memcpy(data+TLSEXT_KEYNAME_LENGTH+TLSEXT_TICK_KEY_LENGTH,
+                   stek->tick_aes_key,
+                   TICKET_MASTER_KEY_SIZE
+                    - TLSEXT_KEYNAME_LENGTH + TLSEXT_TICK_KEY_LENGTH);
             gnutls_memset(stek->tick_key_name, 0, TLSEXT_KEYNAME_LENGTH);
             gnutls_memset(stek->tick_hmac_key, 0, TLSEXT_TICK_KEY_LENGTH);
             gnutls_memset(stek->tick_aes_key, 0, TLSEXT_TICK_KEY_LENGTH);
@@ -3095,6 +3104,7 @@ mod_gnutls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *
             const char * const p = e+1;
             e = strchr(p, ':');
             size_t len = e ? (size_t)(e - p) : strlen(p);
+            if (0 == len) continue;
             if (len >= sizeof(n)) {
                 log_error(srv->errh, __FILE__, __LINE__,
                   "GnuTLS: skipped ciphersuite; too long: %.*s",
@@ -3226,7 +3236,7 @@ mod_gnutls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer *
                 continue;
             }
 
-            if (*e != ':' && *e != '\0') {
+            {
                 log_error(srv->errh, __FILE__, __LINE__,
                   "GnuTLS: error: missing support for cipher list: %.*s",
                   (int)len, p);

src/mod_mbedtls.c

@@ -3236,6 +3236,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
             const char * const p = e+1;
             e = strchr(p, ':');
             size_t len = e ? (size_t)(e - p) : strlen(p);
+            if (0 == len) continue;
             if (len >= sizeof(n)) {
                 log_error(srv->errh, __FILE__, __LINE__,
                   "MTLS: skipped ciphersuite; too long: %.*s",
@@ -3505,7 +3506,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
                 continue;
             }
 
-            if (*e != ':' && *e != '\0') {
+            {
                 log_error(srv->errh, __FILE__, __LINE__,
                   "MTLS: error: missing support for cipher list: %.*s",
                   (int)len, p);
@@ -3530,6 +3531,11 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer
         if (-1 == nids) return 0;
     }
 
+    if (nids >= idsz) {
+        log_error(srv->errh, __FILE__, __LINE__,
+          "MTLS: error: too many ciphersuites during list expand");
+        return 0;
+    }
     ids[++nids] = 0; /* terminate list */
     ++nids;